ESET Smart Security's ekrn.exe consuming cpu cycles

Discussion in 'ESET Smart Security' started by nipstech, Sep 23, 2008.

Thread Status:
Not open for further replies.
  1. nipstech

    nipstech Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    6
    Location:
    Industry, PA
    I have been noticing an issue that seems to be related to the ekrn module. One of the scenarios when this occurs is as such:

    I open windows explorer, browse to a folder and right-click on a file (either local or on the local network). I get an hourglass and the system stops responding. If I attempt to open task manager it eventually starts. I'm able to see that ekrn.exe is consuming around 80-90% of the cpu (non-kernal). Concurrently, all the desktop icons revert to generic icons, all open windows turn white and any attempts to open new applications fail (don't respond). I can kill the ekrn.exe and the system starts working normally. Ekrn automatically re-loads after approx 3 seconds. I'm using ver. 3.0.672.0, tried uninstalling it, then ran registry clean expert to clean out any residual eset entries and the problem disappears. I re-install ESET and the problem reappears. The same symptoms occur randomly whenever I attempt access to files, such as in Dreamweaver or Outlook.

    I haven't received any reports from any of my clients running ESSET-SS just yet, but want to be proactive since I actively promote this product.

    I can provide any additional information needed to resolve this issue.

    Thanks,
    Jon Smorada
    http://nipstech.com
     
  2. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    I have been occasionally getting this problem as well, though it started a couple of builds ago.

    I wondered if it was clashing with the last version of Acronis Privacy Suite that I have installed.
     
  3. nipstech

    nipstech Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    6
    Location:
    Industry, PA
    I never used the Arconis Privacy Suite, but have used their True Image product. I found that about the only thing it's good for is using the trial version to create a bootable recovery image for a client's new PC. The GUI is cumbersome and I wouldn't use it for everyday use. Paragon Hard Drive backup seems to work better for me personally; every so often I create a new full image and for everyday backups I use NovaNet 11 utilizing a rotation scheme to keep the size of the backups manageable. But I digress...
     
  4. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    Nipstech, I have the same problem which only started after I modified some of the settings in version 672. Unfortunately, I cannot go back to my original settings as I did not save a copy. I reset all the settings to default and just changed the Threatsense ones, but I still have the problem and it only occurs erratically so I can't pinpoint what causes it.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest that you download Process Monitor from Microsoft, filter our operations by ekrn.exe and reproduce the problem. The log should reveal which file(s) the scanner is actually scanning. It could be that an application is continually writing to a log which is subsequently scanned. As an interim solution, you can exclude that file from scanning. Please let us know about your findings.
     
  6. bodgy

    bodgy Registered Member

    Joined:
    Sep 22, 2005
    Posts:
    2,387
    Location:
    Qld.
    I note there is one program that I have that causes buffer overruns when EKRN scans it. (SysInternals reports)

    Would this be an Esset problem or an O&O problem as it is accessing their software when this happens.

    Perhaps I should have started a new thread.
     
  7. Jenee

    Jenee Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    185
    I have the software but really don't know how to use it. Could you explain how to filter by ekrn.exe
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's quite straightforward, just create a filter that will exclude all processes but ekrn.exe as show below:
     

    Attached Files:

  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Code:
    316296	12:28:08.8985252	ekrn.exe	1512	QueryAllInformationFile	C:\Users\m\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db	BUFFER OVERFLOW	CreationTime: 03/06/2008 02:46:49, LastAccessTime: 09/09/2008 00:34:28, LastWriteTime: 09/09/2008 00:34:28, ChangeTime: 09/09/2008 00:34:28, FileAttributes: ANCI, AllocationSize: 2,097,152, EndOfFile: 2,097,152, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0xc1000000000971, EaSize: 0, Access: Generic Read, Position: 0, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word
    Thumbnail cache should be exluded by default in my opinion.


    Code:
    342780	12:29:38.3169591	ekrn.exe	1512	ReadFile	C:\ProgramData\ESET\ESET Smart Security\Charon\CACHE.NDB	SUCCESS	Offset: 7,718, Length: 40
    Why isn't this file exluded by default? It appears to be scanned around 100 times a second.
     
  10. Hotep

    Hotep Registered Member

    Joined:
    Jan 7, 2008
    Posts:
    34
    Location:
    Sydney Australia
    I had the same issues especially the high cpu usage. This made my system unstable. This all started after 3.0.650.0 build was updated and so forth. I just switched back to 3.0.650.0, no problems since. (back to normal) I think I will stay with this build till I see signs that this issue is resolved.
     
  11. nipstech

    nipstech Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    6
    Location:
    Industry, PA
    Thanks, guys. I'm on the road right now but I'll download process explorer as soon as I have some free time and do some troubleshooting...Jon
     
  12. WigglyTheGreat

    WigglyTheGreat Registered Member

    Joined:
    Jul 10, 2006
    Posts:
    137
    I had the same issues on two different computers so for now I run nod32 2.7 a/v only and another firewall. Glad at least that older version is stable for you and I would stay there too if I were you.
     
  13. mkret

    mkret Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    27
    Exact same thing here. But with me it was AVI files that caused it. Back to 3.0650.0 and all is fine. I have reported this before. But they want a URL which I do not have. To send a 3/4 gig file is out of the question.

    If it is not resolved by the time my license expires it will be blown out of my machine as well as my clients. :mad: :mad:
     
  14. JoePineapples

    JoePineapples Registered Member

    Joined:
    Oct 5, 2008
    Posts:
    1
    Hi - I've been experiencing the same prob. Am running ESET Smart Security 3.0.672.0.

    ekrn will consume 98-99% of cpu time for periods up to 5-8 mins locking everything up. Have only noticed it in the last few weeks and have been running ESET for a while. Only things new in the last couple of weeks are: Chrome, Java updated itself, itunes updated itself.

    Cant see a pattern as to how it occurs - I can open explorer and select a directory and it locks. Next time it goes straight thru. Same with apps - sometimes it locks, sometimes not. Just tried to to open Advanced Uninstaller Pro v8 and machine was locked for 8mins.

    I've run the process monitor as suggested but not sure what info I can provide to help. There are lots of entries :)
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Do you use default settings or you have altered some options in the real-time protection setup? Does confining the real-time protection to files with default extensions instead of all files make a difference?
     
  16. Bell1

    Bell1 Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    13
    Location:
    South Carolina
    I've been lurking and following this thread and I also have the 100% CPU problem with ekrn.exe. Coupled with the 100% that svchost(dcomlaunch) is trying to use and my machine is completely unusable for the first 15 minutes or so after it boots.
    I discovered the other day that if I set my CPU affinity to use only one core for ekrn.exe and svchost, along with rolling back Smart Security to version 3.0.650 my cpu usage drops considerably and my machine is much more stable after rebooting.
    My question is, would I be correct in guessing that Smart Security won't be affected by doing this? I'm also guessing that the slightly older version should be at least as good as the newest version with latest signatures.
    Thanks
     
  17. mkret

    mkret Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    27
    I have not had a problem with SVCHOST although there is more than one running.

    Unless there have been major updates in the later versions. Which I do not think there was. I think 650 should be fine and that is what I am running.

    They seem (ESET) to be powerless to fix this problem.

    For my clients and myself we will stick to 650 till the year runs out. If it is not fixed before then. I will look for another application for this. ESET will lose a lot of licenses. But such is life in computer programs.
     
  18. Bell1

    Bell1 Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    13
    Location:
    South Carolina
    I agree, I'll take a hard look at other programs next July if there isn't some improvement on this. Oddly enough, the latest version works fine on my wife's XP machine, even though it lacks the power of my machine.
     
  19. mkret

    mkret Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    27
    I suppose that is what makes it so hard for them to track down? It only happens on random systems. Even is there are many.

    I'm outta here. Have a good weekend.
     
  20. nipstech

    nipstech Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    6
    Location:
    Industry, PA
    this thread's been out here over a month with no response from anyone at eset. it makes me wonder whether anyone there is even looking at these forums. i offer this product as the premium product to all of my clients, but now i'm having second thoughts.
     
  21. kevvyb2005

    kevvyb2005 Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    70
    Location:
    London UK
    I got this problem too on a new XP SP3 install with build 672.0

    Had no problems with previous version but don't know know what this was. Tryign to dig out previous version from my backups.

    Are previous versions downloadable from ESET?
     
    Last edited: Oct 31, 2008
  22. kevvyb2005

    kevvyb2005 Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    70
    Location:
    London UK
    Have reinstalled 3.0.667.0 and fingers crossed, so far this seems okay. Will post back if it turns out not to be.
     
  23. kevvyb2005

    kevvyb2005 Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    70
    Location:
    London UK
    No need to wait. Not only was I getting the windows explorer issue mentioned but all navigation was just sluggish. Back to how I remember it now!! Even start up is quicker.

    Get it sorted ESET or you've lost another customer and I have recommended your product to many people.
     
    Last edited: Nov 1, 2008
  24. mkret

    mkret Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    27
    You are really starting to sound like a parrot.

    You have asked this many times of several people. Some as well as myself said they are using the default settings. As to the last question. No it does not.
     
  25. mkret

    mkret Registered Member

    Joined:
    Feb 22, 2008
    Posts:
    27
    Much longer than a month. I brought it up many months ago on AVI files.
     
Thread Status:
Not open for further replies.